Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11071	2021-08-09 19:09	usermasabikx.exe a9266bc4e0eb8e1244798b6052992097 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					9.0	M	18	ZeroCERT

11072	2021-08-09 19:10	out3.pdf 439fa869bda56295a034ecc758acac1c PDF Check memory	2 Keyword trend analysis	2			1.2			JYC

11073	2021-08-09 19:10	.csrss.exe 2ab705e4887e148c8f090a275e5200ca Lokibot PWS Loki[b] Loki[m] RAT .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.8	M	12	ZeroCERT

11074	2021-08-09 19:13	.audiodg.exe 67039f6aff636fb8e1cf386f9e0b2e96 PWS Loki[b] Loki[m] RAT .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	14.0	M	18	ZeroCERT

11075	2021-08-09 19:15	vbc.exe 57e6f6a7c2b3dbe90dee739cdaa87f52 Malicious Library PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		8.8	M	22	ZeroCERT

11076	2021-08-09 19:17	pal.exe a4f1e23b78cf003686e3bcda9ff0e837 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					13.6	M	24	ZeroCERT

11077	2021-08-09 19:19	deck.exe 4776da05c78ba1b356b957c481de3df9 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					12.0	M	23	ZeroCERT

11078	2021-08-09 19:21	PII00032803.exe 87dbb557eb789fdb91c6180f421a4595 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	6	4		16.0	M	21	ZeroCERT

11079	2021-08-09 19:23	jobo.exe 9b5d0b2727ad3129860cd68a32065431 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					12.6	M	24	ZeroCERT

11080	2021-08-09 20:44	ygg.exe 7a9937985a0be118c3bda7cd21af3679 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					12.8	M	31	ZeroCERT

11081	2021-08-09 20:44	pope.exe 5d64deaf17af3b2a3e89ac138e6edeef PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					11.8	M	17	ZeroCERT

11082	2021-08-09 20:46	dcj83r7fy7328.exe 86178014e457120d9dc6f6e27453338c NPKI Generic Malware UPX Malicious Packer Anti_VM Malicious Library PE64 PE File VirusTotal Malware					2.0	M	44	ZeroCERT

11083	2021-08-09 20:46	pub1.exe 63e8323e027ce66e345d1febb78df7d0 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself					1.8	M	29	ZeroCERT

11084	2021-08-09 20:48	mazx.exe a8cdc1904d40b6c05f524e28ffd07b17 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	2 Keyword trend analysis	4	1	1	8.2	M	18	ZeroCERT

11085	2021-08-09 22:01	2.pdf de2a8a728f81d44562bfd3e91c95f002 Kimsuky Javascript ShellCode PDF VirusTotal Malware heapspray unpack itself Windows utilities Tofsee Windows Java	1 Keyword trend analysis	2	1		4.4		25	ZeroCERT